Method and Apparatus for Authenticating Users of An Emergency Communication Network

ABSTRACT

An authentication system is configured to weight multiple available network supplied and user supplied authentication factors to determine whether a user should be provided with access to an Emergency Communication Network (ECN). The multiple factors may include the location of the user, MIN, short PIN, token, biometric information, and other information. The level of access to be provided to the user may be tiered based on the authentication level achieved during the weighting process. Authentication information may be shared between groups of individuals, so that the authentication requirements for group members may be reduced as other members of the group supply authentication information to the ECN. Group authentication may be used to enable group services such as conferencing and push-to-talk to be set up automatically for the group.

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 11/481,076, filed Jul. 5, 2006, the content of which is hereby incorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to communication networks and, more particularly, to a method and apparatus for authenticating users of an emergency communication network.

2. Description of the Related Art

In a serious disaster, such as a hurricane, flood, earthquake, or terrorist attack, it may be essential for emergency personnel to have access to a telephone network so that the response to the disaster may be coordinated. At the same time, people affected by the disaster may swamp the network with telephone calls thereby making it difficult for the emergency personnel to obtain access to the network. To ensure that emergency personnel are able to receive priority access to available network resources, a separate access system has been developed, which is commonly referred to as the Government Emergency Telecommunications Service (GETS).

The GETS is an emergency communications service designed to be used when national security and emergency personnel are unable to complete emergency calls through the regular telecommunication system. GETS uses the infrastructure of the Public Switched Telephone Network (PSTN) and wireless networks, but provides priority treatment and enhanced routing capabilities to increase the likelihood of a GETS call being able to be connected on the network. The GETS system is described in greater detail in Internet Engineering Task Force (IETF) Request For Comments (RFC) 3689 and 4190, and IETF Internet Draft (ID) draft-ietf-tsvwg-mlpp-that-works-04, the content of each of which is hereby incorporated herein by reference.

The wireless version of the GETS is referred as the Nationwide Wireless Priority Service (WPS). WPS provides a user with the ability to be placed at the top of the queue so that the WPS user will be provided with the next available channel from their closest cell once a channel becomes available. This enables WPS users to have priority access to wireless channels so that their calls can go through during the emergency.

Access to the GETS/WPS system is controlled through a dialing plan and Personal Identification Number (PIN) system. The user dials a universal access number using common telephone equipment such as a land line telephone call or a wireless telephone. Once connected, the user will be prompted to enter a specific long PIN number (e.g. 12 to 32 digits) followed by the telephone number of the person that the GETS/WPS user would like to call. If the PIN is correct, the call may be placed on the emergency network. If not, the user will be denied access to the GETS.

Emergency situations may be very stressful, which may make it difficult for a user to correctly remember the long PIN required to access the network. Particularly where the user is not accustomed to remembering the long PIN, the increased stress associated with the emergency situation may make it difficult for the user to remember their long PIN. Accordingly, users may often write their long PIN on a piece of paper or card which may be referenced during the emergency to enable them to access the GETS. Unfortunately, the user may not have access to the card when it is necessary to make an emergency telephone call. Additionally, there are restrictions on the way in which the long PIN may be stored. For example, government security regulations may prohibit the long PIN from being pre-programmed into a mobile phone, since the long PIN may be considered to be classified information. Similarly, even if the phone is pre-programmed with the long PIN the user may not have access to their own phone during the emergency situation.

In addition to problems remembering and dialing a long string of digits under stressful emergency conditions, reading and dialing a long number may take a relatively long time. For example, dialing a long 12-32 digit PIN may take on the order of 20-30 seconds. While this amount of time may be insignificant under normal circumstances, it may be more important during a crisis. Accordingly, it would be advantageous to provide another way to authenticate users seeking to access an emergency communication network.

SUMMARY OF THE INVENTION

A method and apparatus for authenticating users of an emergency communication network includes an authentication system configured to weight multiple available authentication factors to determine whether the user is an authorized user of the emergency communication network. The multiple factors may include the location of the user, a mobile telephone identification number, a token, a short 4-6 digit PIN, biometric information obtained by the user's telephone such as a fingerprint or retinal scan, voice identification information, speech identification information, and other factors that may tend to identify the user as a valid user of the ECN. The ECN may be the GETS/MSN or another emergency telephone network, either based on the current PSTN and wireless network, or based in future on the emerging voice (or multimedia) over IP (VoIP) systems. The authentication factors are collected and weighted to determine whether the user is sufficiently authenticated to access the ECN. Optionally, the method and apparatus may perform an initial determination and, if the user is insufficiently authenticated, may prompt the user for additional authentication information.

The amount of access provided to the user may be tiered based on the level of authentication for that user. For example, a user that remembers an entire long pin may be provided with the highest level of access or priority, while an user that remembers only 4 bits of the long pin may be provided with a relatively lower level of access to the ECN.

Authenticating the user in connection with a particular land line or wireless telephone enables the ECN to associate the land line or wireless telephone with the network so that inbound calls to that telephone may be handled via the ECN. This enables calls placed on the regular telephone network to be provided with the features of the ECN where the destination of the telephone call has been authenticated on the ECN network.

According to yet another embodiment of the invention, authentication information may come from contemporaneous use of the ECN by other members of a group, so that the authentication requirements of group members may be reduced as other members of the group authenticate with the ECN. In this embodiment, groups of individuals may be partially authenticated on the ECN as a result of the authentication of other members of the group, so that the group members may all use the ECN resources without all individually authenticating on the ECN. As the members of the group authenticate with the system, the collective authentication information received from the members of the group may be used to authenticate the remaining members of the group, so that fewer than all of the group members are required to provide full authentication information to obtain services associated with the emergency communication network. In addition, the ECN may create a voice or multimedia conference for users belonging to a group and authenticated as a group. This may allow new services such as push-to-talk group services, telephone conferences, in-bound dialing, and other services to take place on the ECN, either in the wireless or wired domain.

BRIEF DESCRIPTION OF THE DRAWINGS

Aspects of the present invention are pointed out with particularity in the appended claims. The present invention is illustrated by way of example in the following drawings in which like references indicate similar elements. The following drawings disclose various embodiments of the present invention for purposes of illustration only and are not intended to limit the scope of the invention. For purposes of clarity, not every component may be labeled in every figure. In the figures:

FIG. 1 is a functional block diagram of the GETS architecture;

FIG. 2 is a flow chart illustrating an example process of authenticating users of an emergency communication network according to an embodiment of the invention;

FIG. 3 is a flow chart illustrating an example process performed by an authentication server to authenticate users of an emergency communication network according to an embodiment of the invention;

FIG. 4 is a functional block diagram of an authentication server according to an embodiment of the invention; and

FIG. 5 is a diagram of a weighting process that may be used to reduce the length of a PIN required to obtain access to an emergency communication network.

DETAILED DESCRIPTION

The following detailed description sets forth numerous specific details to provide a thorough understanding of the invention. However, those skilled in the art will appreciate that the invention may be practiced without these specific details. In other instances, well-known methods, procedures, components, protocols, algorithms, and circuits have not been described in detail so as not to obscure the invention.

FIG. 1 illustrates the basic GETS architecture. Although an embodiment of the invention will be described in connection with the GETS architecture, the invention is not limited to this particular embodiment as other embodiments of the invention may be used to provide access to other emergency communication networks. For example, the invention may be used with the WPS and other emergency communication networks. The invention may also be used on deployed networks such as the PSTN or wireless networks, or may be deployed in connection with emerging voice and multimedia over IP networks in a similar manner. In the following description, the term “Emergency Communication Network”(ECN) will be used generically to refer to systems such as the GETS system, the WPS, other priority access systems, and dedicated networks of communication equipment that may be in existence or developed to provide emergency communication services. Thus, while embodiments of the invention may be advantageously employed with the GETS system, the invention is not limited in this manner as embodiments of the invention may also be employed in other situations as well.

As shown in FIG. 1, users of an ECN may use many different types of subscriber equipment 10 to access the ECN. For example, an ECN user may use a telephone 12 connected to a fixed land line to access the ECN. Similarly, the ECN user may use a modem 14 associated with a computer to enable the computer to communicate over the network. ECN users may also use other types of equipment, such as a Voice over Internet Protocol (VoIP) wireline phone 15 or VoIP wireless phone 16, a facsimile machine 17, a wireless telephone 18, or a public branch exchange 20, for example where the user is located in a building that provides access to shared telephone resources via a PBX.

The ECN user may also use a special secure telephone 22, such as a Secure Telephone Unit, third generation (STU-III) that may be switched between normal mode and secure mode. A secure telephone of this nature enables classified information to be discussed over the telephone, which would otherwise not be permitted using a standard telephone such as telephone 12, VoIP phone 15, 17, or wireless phone 18.

The ECN subscriber equipment may connect via an international gateway 24 or a local network gateway 26 to obtain access to the telephone resources that are provided in that area. For example, the GETS is a system that provides priority access to telephone resources rather than a separate network. Accordingly, the underlying network resources 28 in the GETS system are the same as those commonly employed by residents in the area to make telephone calls or otherwise communicate with each other. Other ECNs may have different configurations, for example may be wholly or partially formed of dedicated network resources, and as such the underlying network configuration may be somewhat different depending on how the ECN is set up.

The ECN is maintained in a constant state of readiness which maximizes the use of all of the available network resources 28 in the event of congestion or outages caused by an emergency, crisis, or war. For example, the network resources 28 may provide special access control to ECN users, enhanced routing for ECN calls, and priority treatment to the ECN users. The call will be routed to the intended destination 30 via further local networks 32 or an international gateway 36 so that the telephone call can be completed.

In general, authentication services on a network are provided by one or more authentication servers. The authentication servers are responsible for determining whether a user is who they are purporting to be. An authentication server may also determine whether a user is authorized to take particular actions on the network. In the GETS system, authentication services are provided by causing a call to be connected to the Federal Technology Service (FTS)/Defense Switched Network (DISN)/Diplomatic Telecommunications Service (DTS) 40. The FTS/DISN/DTS is responsible for authorizing users and determining which users should have access to the GETS. Where the ECN is separate from the GETS system, an authentication server on the ECN may perform these functions. In the following description, the term “authentication server” will be used to refer to any computing device that is configured to perform authentication services on an ECN.

To obtain access to the GETS network, a user conventionally was required to enter a long PIN. According to an embodiment of the invention, authentication on an emergency communication network may be performed by using a weighted authentication system in which multiple available authentication factors are considered to determine whether the user should be allowed to use the ECN. By looking at available authentication factors, the authentication server can make an authentication determination without requiring the user to input a long PIN.

FIG. 2 shows a flow chart of a process that may be used to obtain access to an ECN. The invention is not limited to this particular sequence, however, and the process shown in FIG. 2 is provided merely as a particular example of how a multi-factor authentication process may be used in connection with enabling access to an emergency communication network. As shown in FIG. 2, subscriber equipment such as the subscriber equipment discussed above in connection with the GETS architecture shown in FIG. 1 will register with the network (200). The registration process is a standard process and the invention is not intended to alter the manner in which the subscriber equipment interacts with the underlying equipment forming the communication network.

When the ECN user desires to make a call on the ECN network, the user will access the regular telephone network (202) such as by causing a handset to go off-hook, and dial an ECN emergency access number (204), for example by dialing a telephone number associated with the ECN. Different ECNs may have other ways of obtaining access and the invention is not limited to any particular way in which access to the ECN is accomplished. Similarly, the processes (200-204) may be reversed or performed in any desired order, and additional processes may be invoked as well, and the invention is not limited to the particular manner in which the user is initially connected to the ECN.

When the user accesses the ECN (204), the phone equipment on the network will recognize the call as an ECN emergency call and connect the call and an ECN emergency call will be initiated (206).

In connection with placement of the ECN call, authentication information will be collected from the user (208). Optionally, as discussed in greater detail below, authentication information may also be collected from other users that are contemporaneously authenticating with the ECN so that authentication of groups of users may take place. Collection of authentication information may be performed at any stage of the process illustrated in FIG. 2 and the invention is not limited to the particular manner in which the authentication information is collected. Thus, for example, authentication information may be collected in connection with registering the telephone on the network, prior to accessing the network, or in connection with dialing the ECN emergency access number. The invention is therefore not limited to an embodiment in which the authentication information is collected only once the telephone call has been initiated.

According to an embodiment of the invention, several different types of authentication information may be collected and used by the ECN to determine whether access should be granted to the ECN user.

For example, the system may collect multiple factors including something a person knows, such as a password or pass phrase, something the person has such as a magnetic strip card, smart card, or cell phone, and something that the person is, such as a biometric measurement (e.g. finger print or retinal scan). Some of the factors may be supplied by the network, using knowledge of end user terminals and/or location of terminal equipment. Other factors may be provided by the user, such as the user's simple PIN code, spoken password, or biometric information. Also, where group authentication is to be used, one or more of the factors may be provided by the other users of the ECN. A flexible combination of these factors depending on their availability may then be used to replace the single factor long PIN access code used in current implementation of the GETS system.

Several of the authentication factors can be supplied by the network. For example, when a user calls an ECN access number, the wireline or wireless network may collect information about the phone and pass it to the authentication server. If the user is calling via a wired network, the calling line ID and name information may sent to the authentication server and used by the authentication server as part of the authentication process. If the user is dialing from a mobile network, the mobile network may supply the calling line ID/name information associated with the cell phone (if available) and may also supply the Mobile Identification Number (MIN) or International Mobile Subscriber Identity (IMSI) numbers associated with the cell phone. The network may also supply the authentication server with the user's location when known—location information is a capability currently being implemented in cellular and wireless networks.

Other authentication factors may be supplied with the user, rather than the network. For example, the wired or wireless access device may also make biometric measurements of the user such as the user's fingerprint which can be performed by hardware on a handset. Alternatively, the user's retina scan, which may be conveniently performed by a camera and associated equipment in a video phone, may be supplied and used by the authentication server. One or more of these network supplied factors may be used in the authentication process.

The authentication server may also ascertain or request further factors from the user for authentication. For example, if the authentication server is satisfied with the factors the network has presented, it may simply prompt the user for a simple 4-6 digit short PIN keypad entry. As used herein, the term “short PIN” will be used to refer to a PIN that is up to 6 digits in length. The term “long PIN” will be used to refer to a PIN that is typically 12-32 digits in length, although which could also be longer than 32 digits. Alternately, or in combination, the authentication server may make a request for a spoken password from the user and use voice recognition to ascertain its validity. The authentication server may also make a biometric measurement on the user, for example by performing a voice recognition analysis of the caller's spoken words. One or more of these supplied factors may be used in the authentication process at the authentication server. The authentication algorithm is weighted since it is known that some factors such as speech recognition are not perfect or the speech sample taken may render a less than certain match, and may therefore be weighted less than other factors.

FIG. 2 illustrates several different types of information that may be collected and use by the authentication server to authenticate the user. As shown in FIG. 2, the location of the user may be used to determine if the user is in an area that is currently experiencing emergency conditions. In a natural disaster, such as an earthquake or tornado, the area affected by the emergency may be fairly well defined. A call placed from within a disaster area may be assumed to be more likely to be generated by a legitimate ECN user and, hence, may be more likely to be associated with an authorized use of the ECN system. The location information may be obtained, for example, from GPS or cellular triangulation information associated with the wireless telephone, a known termination location associated with a fixed land line, or in another manner.

Where the ECN is accessed from a mobile telephone, the mobile identification number of the telephone may be used to determine whether the mobile phone is associated with an authorized user of the ECN system. Specifically, during the registration process, each registered user may associate a particular mobile communication device, such as a cellular telephone, with their ECN access account. When that telephone is later used to place a call on the ECN system, the mobile identification number may be checked to determine whether the telephone being used is associated with an authorized user of the ECN system.

The mobile phone may also be configured to collect biometric information such as a fingerprint scan, a retinal scan, or voice signature from the user. The raw biometric data may be transmitted to the authentication server or locally compared by the mobile phone with expected biometric information. Where the comparison is locally compared, the mobile telephone may assert to the network that the user of the phone is the user that has been registered with the ECN system. This may be done by causing the phone to provide the long PIN on behalf of the user upon completion of a positive fingerprint scan.

Optionally, the user may also provide additional information, such as a short personal identification number, whatever digits of the standard long PIN that they remember, a spoken codeword, or a token such as a time-varying code associated with an RSA security device. Still further, the user may possess an RFID tag that may be read by the mobile phone or a RFID reader to verify that the user possesses the correct RFID signature. Any of this information may be provided to the authentication server to enable the authentication server to determine that the person using the subscriber equipment is a valid user of the ECN system.

Combinations of multiple factors also may be used by the ECN authentication system to determine whether an ECN access should be allowed. For example, the ECN authentication system may determine that a call is being placed by a wireless telephone that is within a known disaster area, and then determine that the mobile identification number of that telephone is associated with an authorized user or a group of authorized users. The combination of these two factors may make it more likely that the attempted access is a legitimate use of the ECN system.

Once the authentication information has been collected from the user (208) the available authentication information is transmitted to the ECN system (210). The raw authentication information may be transmitted to the ECN system or information derived from the raw authentication information may be transmitted to the ECN authentication server. For example, the subscriber equipment may perform a fingerprint scan and transmit the results of the fingerprint scan to the authentication server associated with the ECN system. Alternatively, the subscriber equipment may perform the fingerprint scan and perform a comparison with an expected fingerprint signature locally. The result of the comparison may then be transmitted to the authentication server or, if the result is positive, the standard long PIN may be transmitted to the authentication server on the user's behalf.

Once the ECN system has received the available authentication information, the ECN system will weight the various pieces of authentication information to determine whether the user should be allowed to obtain access to the resources associated with the ECN system (212). For example, the authentication server may determine whether the user is in a disaster zone, whether the subscriber equipment is a piece of subscriber equipment known to be associated with an authorized user, whether there is any indication that the user is the user that commonly uses that piece of equipment, and also weigh any other positive or negative factors.

As a result of the weighting process, the authentication server may determine an access level to be granted to the user in connection with this access attempt (214). For example, the authentication server may determine that the user is an authorized user with a 90% certainty rate. Based on this determination, the authentication server may grant access to the ECN system and allow the user to make ordinary telephone calls using the ECN system. However, the system may require a heightened level of certainty, such as a 95% certainty, to receive calls using ECN resources. Accordingly, differentiated access may be provided depending on the level of certainty associated with the authentication process. Similarly, the priority level of the person in a queue for network services may be adjusted based on the authentication certainty. For example, a user with a higher authentication level may be granted access above those with lower authentication certainty.

Once the authentication process has completed, the ECN access will be completed according to their access level (216). The call or multimedia session may be completed in a standard manner and the invention is not limited to the particular manner in which the user chooses to utilize the network resources.

FIG. 3 illustrates one example of a process that may be used by an authentication server to combine multiple authentication factors to determine a level of access to be provided to the ECN system. Although a particular example will be provided in connection with FIG. 3, the invention is not limited to this particular embodiment as many different ways of using the multiple authentication factors may be used as well without departing from the invention.

In the example shown in FIG. 3, when the authentication server receives the authentication information (300) it will weight the authentication information (302), combine the authentication factors (304), and then use resultant authentication level to determine a level of access to be provided to the user (306). For example, in connection with weighting the authentication factors, the authentication server may allocate a particular value to the authentication information depending on whether the user is in a disaster area or not. For example, in the illustrated embodiment if the user is in a disaster area the authentication server will allocate a value of +1 based on this fact. If the user is not in a disaster area, the authentication server may allocate +0 or may deduct a particular value, for example −5.

Similar weighting processes may be performed for other available authentication factors. For example, the authentication server may look to determine whether the Mobile Identification Number (MIN) is associated with a registered authorized user of the ECN system, whether the PIN matches a PIN associated with the user that is registered with the MIN, whether there is any token information and whether the token matches, and whether there is biometric information that may help provide information about the user of the telephone.

The various present authentication factors are assigned weights that then may be combined to determine an authentication level for the user. The function used to combine the factors may be determined according to policy to be implemented by the authentication server. For example, the factors may be added together, may be multiplied by scaling factors and added together, or may be otherwise combined. For example, assume that the policy was to automatically admit any mobile telephone in a disaster area where the MIN matched a registered MIN. The authentication server could implement this policy by combining the result of the first two weighting processes and determining if these two processes had a additive result of authentication=3. If so, the process of combining the authentication factors could result in an authentication value sufficiently large to enable access to the ECN. Multiple equations may be used to enable the available factors to be used to authenticate a user, and the invention is not limited to any particular set of equations.

In the embodiment shown in FIG. 3, the weighting occurs in two different steps. Specifically, when the authentication information is evaluated, a weighting occurs to assign authentication values to the authentication information. A second weighting process may occur when combining the authentication factors, for example by causing different functions to be used in connection with combining different selected authentication values to determine whether the user should be admitted to the ECN. The step of combining may thus result in several different authentication values based on combinations of factors. The invention is not limited to the particular embodiment shown in FIG. 3, as other ways of evaluating the authentication information may be used as well. For example, a single process may be used to weight and combine the various authentication factors. Similarly, although particular values have been provided and examples of different aspects of authentication information have been used to help provide a concrete understanding of how the invention may operate in a particular context, the invention is not limited by these particular details as other implementations may use different types of authentication information combined in different ways to implement different policy concerns.

Once the authentication factors are combined to obtain one or more authentication values, the authentication values are compared with one or more thresholds to determine whether the user should be provided with access to the ECN system and, optionally, what level of access should be provided to the ECN system. For example, as shown in FIG. 3, the authentication server may compare the highest authentication value with a first threshold to determine if the authentication value is above a first threshold. If not, the authentication server may deny access to the ECN system. If so, the authentication server may provide a first level of ECN system access to the user. Where differentiated levels of access are available on the ECN system, the authentication server may similarly check the authentication value(s) against other thresholds to determine which level of access should be provided to the user.

Optionally, the thresholds may be adjustable by the network administrator to enable the network administrator to change the way in which users are able to obtain access to the ECN during an emergency. Providing the network administrator to adjust the thresholds may enable the network administrator to optimize the manner in which the network resources are used during the emergency by allowing the network administrator to make it easier/harder for users to obtain access to the ECN.

The authentication server may use the highest authentication value computed during the step of combining the authentication factors, the lowest authentication value obtained in this process, or several of the authentication values. For example, the authentication server may require all authentication values to be above a particular threshold to provide second and third level access to the ECN system. This may be useful, for example, where there is a high likelihood that an authorized user of the ECN system is likely to have had their cellular telephone stolen.

By combining authentication factors available from the network and from the user in a flexible weighted authentication process, the authentication server is able to provide strong authentication services without requiring the user to remember a long PIN. Additionally, the authentication may be done quickly to hopefully increase the speed with which an authorized user of the network may access ECN network resources.

Although an embodiment of the invention has been described in connection with a user making a telephone call, the invention is not limited in this manner. Rather, any subscriber equipment may be authenticated using the multi-factor authentication process described herein. For example, a user may log into an Instant Messaging (IM) service and obtain access to the ECN services using the IM client. Thus, by using a multi-factor authentication process it may be possible to provide enhanced services such as instant messaging over the ECN or enabling talk groups to be formed without requiring the user to authenticate in connection with each message, so that emergency response personnel can coordinate response efforts. Similarly, a user may use the multi-factor authentication process described herein to access a video or voice over IP or other multimedia service.

Enabling multi-factor authentication may additionally enable a user to be sufficiently authenticated on the ECN to enable in-bound calls to the user to be handled by the ECN, even when those calls are not made by an authorized user of the ECN. For example, when a user authenticates with the ECN using the multi-factor process described herein, the ECN may retain authentication information for that user for a period of time. When another person would like to call the user, the person may call the universal ECN access number and dial the number of the person they would like to talk to. If the person they have dialed has recently authenticated on the ECN, the call may be placed on the ECN without requiring the person making the telephone call to authenticate with the ECN. Thus, as long as one of the parties has authenticated on the ECN within a given period of time, the communication session may take place on the ECN. This enables in-bound calls to an authorized user of the ECN to take place without requiring the person making the telephone call to authenticate on the ECN.

Where a call is allowed to take place on the ECN without requiring the person making the call to authenticate with the ECN, a possibility exists that spurious persons may attempt to make multiple phone calls or otherwise clog the ECN with inbound traffic to emergency personnel. Accordingly, the emergency personnel may provide feedback to the ECN e.g. via a code or otherwise, to enable the ECN to learn that spurious inbound calling has been taken place. This feedback may then be used by the ECN to deny access to the ECN for particular callers or to temporarily deny all inbound traffic over the ECN without authentication.

FIG. 5 shows an alternate embodiment of the invention in which multiple authentication factors are used to reduce the length of the PIN required to be entered by a user to authenticate with the ECN. As shown in FIG. 5, the multiple authentication factors may be weighted differently to individually or collectively reduce the number of digits required by a user when the user would like to use the ECN. For example, as shown in FIG. 5A, where the authentication server is not able to recognize any authentication factors associated with the user, the user may be required to input a full long PIN to obtain access to the ECN. In the illustrated example, it has been assumed that the long PIN is 32 digits long, although other lengths of long PIN are equally applicable.

Where, however, the authentication server is able to recognize particular authentication factors, the length of the PIN may be reduced to enable the user to obtain access to the ECN by entering fewer digits. For example, as shown in FIG. 5B, the authentication server in this example has determined that the MIN/MISN belongs to a registered user and has reduced the length of the PIN required for the user to obtain access to the system by 16 digits. Similarly, the authentication server in this example has determined that the user is in a geographic region that is currently considered a disaster area and has reduced the length of the PIN by 12 digits because of this factor. Thus, as a result, the user is only required to enter a short PIN that is 4 digits long to obtain access to the ECN in this example.

FIG. 5C shows another example in which the length of the PIN has been reduced by 16 digits because the user is calling into the system using a phone that has been registered with the system as belonging to the user, the PIN has been reduced by 6 digits because the system is able to recognize the user's voice, and the PIN has been reduced by 4 digits because the user was able to provide the authentication server with a token. As a result, the PIN required to be entered by the user to obtain access to the ECN has been reduced to 6 digits.

FIG. 5D shows yet another example of how the length of the PIN may be reduced as the authentication server collects authentication information. In the example shown in FIG. 5D, the long 32 digit PIN has been reduced by 16 digits because the phone belongs to the registered user and has been reduced by 12 digits since the user is in a geographic region that has been declared a disaster area. Further, the PIN has been reduced by an additional 4 digits because the user is part of a group that has collectively provided sufficient group authentication information for the system to automatically allow other members associated with the group to obtain direct access to the ECN. Accordingly, in this example, the user is not required to input any PIN to obtain access to the ECN.

In the illustrated examples, the factors may be weighted by causing the different factors to reduce the length of the PIN by a particular number of digits. Thus, whatever factors are present may be used by the system to determine the length of the PIN required to be input by the user. Although the illustrated examples show each authentication factor as providing a particular reduction in PIN length, the invention is not limited in this manner as combinations of authentication factors may combine to provide an increased reduction in PIN length. For example, the geographic region authentication factor may provide an 8 digit reduction in PIN length when taken alone and the MIN/MISN authentication factor may similarly provide an 10 digit reduction in PIN length when taken alone. However, the combination of the geographic region authentication factor and the MIN/MISN authentication factors may provide a 28 digit reduction in PIN length due to the relative strength of the combination of these two authentication factors.

In operation, the user will access the ECN and start entering the long PIN. Once the user has entered a sufficient number of digits (as determined by the system given the other available authentication factors) the user will be interrupted so that the user does not need to complete entry of the entire long PIN.

Although the present invention will work for individual authentication on the ECN, the invention is not limited in this manner as groups of individuals may collectively be authenticated by the authentication server as well. For example, a group of firefighters or other emergency personnel may routinely respond to a particular emergency as a group. To enable group authentication, a group profile may be created containing information associated with the group members, such as the mobile IDs of the communication devices commonly used by the group members. As members of the group authenticate with the authentication server, the authentication server may collect authentication information for the group to reduce the amount of authentication information required for the other group members to authenticate with the ECN. This may enable the group as a whole to be collectively authenticated to enable any communication device associated with the group profile to have access to the ECN. Alternatively, a manager may authenticate with the authentication server to cause the group of communication devices associated with the group profile to be allowed access to the ECN.

Enabling group authentication may be particular important, for example, in telephones equipped with push-to-talk features that provides instant communication between groups of associated telephones without requiring the users to dial telephone numbers. Group communication services could also be automatically set up in the network for groups authenticated by this method such as voice conferencing and video conferencing services.

FIG. 4 shows an embodiment of an authentication server 50 implemented on a computer platform according to an embodiment of the invention. The computer platform may be part of a network element such as a router, switch, application or call server, may be a general purpose computer, or another computer platform configured to perform authentication services on the network.

In the embodiment shown in FIG. 4, the authentication server includes a processor 52 containing control logic 54 configured to implement the functions associated with the authentication server described herein. The authentication server may also include a memory 56 configured to store authentication software 58 and a database of user profiles 60. The user profiles may include the group profiles described above. The control logic 54 may selectively retrieve data and instructions from the memory to enable the processor to implement the functions associated with the authentication service described herein and encoded into the authentication software 58.

The authentication software may include speech recognition software, voice recognition software, fingerprint matching software, retinal scan matching software, and other components configured to enable the authentication software perform biometric information comparisons. Similarly, the authentication software may include other components that will enable it to match available authentication information with information in the user profiles. Other components may be included in the authentication software as well.

As shown in FIG. 4, the authentication server may be pre-populated with profiles 60 of users expected to use the emergency system. The pre-populated information in the user profiles 60 may include the user's normal office, home, and cell phone calling numbers, mobile phone MIN or IMSI numbers, spoken passwords, and the standard long PIN code, and 4-6 digit short PIN code. For convenience to the user, the four to six digit short PIN code may simply be the first 4-6 digits of the long PIN code. The user profiles may also contain biometric information such as the user's hashed fingerprint scan signatures and voiceprint recognition signatures. Other information may be included in the user profiles 60 as well.

As described in greater detail above, the authentication server may use the authentication information supplied by the network and the user, in connection with the information contained in the user profiles 60, to determine whether the user should be allowed access to the ECN. As an example, if the authentication server receives a legitimate user's wireline calling line ID, it may prompt the user to supply the simpler 4-6 digit short PIN code, and/or analyze the user's spoken password before giving access to the system. As another example, if the authentication server receives a legitimate user's mobile MIN code from the network, and receives the user's location from the cellular system which indicates the user is in an emergency zone, the user may be given automatic priority access without further prompting or delay. As yet another example, if a user is calling from a telephone not related to their profile, and the system cannot recognize the user's voiceprint and/or short PIN code, the authentication server may prompt the user to input their full long PIN access code. If the user cannot enter the long PIN access code, then the user may be denied access to the system or have the call forwarded to an emergency operator for human intervention. In these examples, various available authentication factors are combined in a flexible and weighted process to result in strong yet minimally intrusive authentication for the ECN.

The memory may also contain policy information 62 enabling a system administrator to alter the manner in which the weighting process is accomplished so that the authentication server's response to a particular set of authentication factors may be adjusted in a desired manner.

The authentication server may include other components commonly found on standard computer platforms. For example, the authentication server may include a network interface 50 configured to enable messages to be received by the authentication server for processing in connection with the authentication service described herein. Many of these components have been omitted to avoid obfuscation of the invention.

The functions described above may be implemented as a set of program instructions that are stored in a computer readable memory and executed on one or more processors on the computer platform. However, it will be apparent to a skilled artisan that all logic described herein can be embodied using discrete components, integrated circuitry such as an Application Specific Integrated Circuit (ASIC), programmable logic used in conjunction with a programmable logic device such as a Field Programmable Gate Array (FPGA) or microprocessor, a state machine, or any other device including any combination thereof. Programmable logic can be fixed temporarily or permanently in a tangible medium such as a read-only memory chip, a computer memory, a disk, or other storage medium. Programmable logic can also be fixed in a computer data signal embodied in a carrier wave, allowing the programmable logic to be transmitted over an interface such as a computer bus or communication network. All such embodiments are intended to fall within the scope of the present invention.

It should be understood that various changes and modifications of the embodiments shown in the drawings and described in the specification may be made within the spirit and scope of the present invention. Accordingly, it is intended that all matter contained in the above description and shown in the accompanying drawings be interpreted in an illustrative and not in a limiting sense. The invention is limited only as defined in the following claims and the equivalents thereto. 

What is claimed is: 1-20. (canceled)
 21. A method of providing access to a communication service, the method comprising: collecting multiple elements of authentication information associated with a prospective user of the communication service, no single element of authentication information being sufficient to secure access to the communication service for the user; applying a weighted authentication process to the multiple elements of authentication information; and determining, from the weighted authentication process, a level of access to the communication service to provide to the user.
 22. The method of claim 21, wherein the determined level of access is selected from a plurality of levels of access, the plurality of access levels including a no access level.
 23. The method of claim 22, wherein the plurality of levels of access comprises at least two differentiated access levels in addition to the no access level.
 24. The method of claim 21, wherein at least one of the elements of authentication information is provided by a communication network which provides at least part of the communication service.
 25. The method of claim 21, wherein at least one of the multiple elements of authentication information comprises information associated with a device used to request authentication.
 26. The method of claim 21, wherein at least one of the multiple elements of authentication information comprises a location associated with a device used to request authentication.
 27. The method of claim 21, wherein at least one of the multiple elements of authentication information comprises biometric information associated with a prospective user of the communication service.
 28. The method of claim 21, further comprising prompting the prospective user for at least one of the multiple elements of authentication information.
 29. The method of claim 21, wherein requirements for one element of authentication information depend on information provided for another element of authentication information.
 30. The method of claim 29, wherein: an authentication identifier having a first number of characters is required when combined with first information provided for at least one other element of authentication information; and an authentication identifier having a second number of characters is required when combined with second information provided for the at least one other element of authentication information.
 31. A method of providing access to a communication service, the method comprising: collecting authentication information associated with a first prospective user of the communication service; authenticating the first prospective user based on the collected information; receiving from a second prospective user of the communication service a request to communicate with the first prospective user; and enabling the second prospective user to communicate with the first prospective user using the communication service without requiring the second prospective user to authenticate with the communication service.
 32. A method of providing access to a communication service, the method comprising: establishing a group association for a group of prospective users of the communication service; authenticating the first prospective user; and using information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users.
 33. The method of claim 32, wherein authenticating the first prospective user comprises: collecting authentication information from the first prospective user; and applying a weighted authentication process to the collected authentication information.
 34. The method of claim 32, wherein using information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprises enabling access to the communication service by the other prospective users without requiring authentication by the other prospective users.
 35. The method of claim 32, wherein using information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprises reducing a number of elements of authentication information required from other prospective users of the group for authentication of the other prospective users.
 36. The method of claim 32, wherein using information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprises reducing a length of a personal identifier required from other prospective users of the group for authentication of the other prospective users.
 37. An authentication server for providing access to a communication service, the server comprising: a processor, a storage medium connected to the processor storing authentication instructions for execution by the processor and a network interface connected to the processor and operable to connect the processor to a communication network providing at least part of the communication service, the authentication instructions comprising instructions executable by the processor: to collect multiple elements of authentication information associated with a prospective user of the communication service, no single element of authentication information being sufficient to secure access to the communication service for the user; to apply a weighted authentication process to the multiple elements of authentication information; and to determine, from the weighted authentication process, a level of access to the communication service to provide to the user.
 38. The server of claim 37, wherein the instructions executable to determine a level of access are instructions executable to select from a plurality of levels of access, the plurality of access levels including a no access level.
 39. The server of claim 38, wherein the plurality of levels of access comprises at least two differentiated access levels in addition to the no access level.
 40. The server of claim 37, wherein at least one of the elements of authentication information is provided by the communication network which provides at least part of the communication service.
 41. The server of claim 37, wherein at least one of the multiple elements of authentication information comprises information associated with a device used to request authentication.
 42. The server of claim 37, wherein at least one of the multiple elements of authentication information comprises a location associated with a device used to request authentication.
 43. The server of claim 37, wherein at least one of the multiple elements of authentication information comprises biometric information associated with a prospective user of the communication service.
 44. The server of claim 37, wherein the authentication instructions further comprise instructions executable to prompt the prospective user for at least one of the multiple elements of authentication information.
 45. The server of claim 37, wherein requirements for one element of authentication information depend on information provided for another element of authentication information.
 46. The server of claim 45, wherein the authentication instructions comprise instructions executable by the processor: to require an authentication identifier having a first number of characters when combined with first information provided for at least one other element of authentication information; and to require an authentication identifier having a second number of characters when combined with second information provided for the at least one other element of authentication information.
 47. An authentication server for providing access to a communication service, the server comprising: a processor, a storage medium connected to the processor storing authentication instructions for execution by the processor and a network interface connected to the processor and operable to connect the processor to a communication network providing at least part of the communication service, the authentication instructions comprising instructions executable by the processor: to collect authentication information associated with a first prospective user of the communication service; to authenticate the first prospective user of the communication service based on the collected authentication information; to receive from a second prospective user of the communication service a request to communicate with the first prospective user; and to enable the second prospective user to communicate with the first prospective user using the communication service without requiring the second prospective user to authenticate with the communication service.
 48. An authentication server for providing access to a communication service, the server comprising: a processor, a storage medium connected to the processor storing authentication instructions for execution by the processor and a network interface connected to the processor and operable to connect the processor to a communication network providing at least part of the communication service, the authentication software comprising instructions executable by the processor: to establish a group association for a group of prospective users of the communication service; to authenticate the first prospective user; and to use information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users.
 49. The server of claim 48, wherein the instructions executable to authenticate the first prospective user comprise instructions executable: to collect authentication information from the first prospective user; and to apply a weighted authentication process to the collected authentication information.
 50. The server of claim 48, wherein the instructions executable to use information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprise instructions executable to enable access to the communication service by the other prospective users without requiring authentication by the other prospective users.
 51. The server of claim 48, wherein the instructions executable to use information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprise instructions executable to reduce a number of elements of authentication information required from other prospective users of the group for authentication of the other prospective users.
 52. The server of claim 48, wherein the instructions executable to use information received from the authenticated first prospective user in authenticating other prospective users of the group of prospective users comprise instructions executable to reduce a length of a personal identifier required from other prospective users of the group for authentication of the other prospective users. 